Understanding security behaviors in personal computer usage: A threat avoidance perspective

Journal of the Association for Information Systems

Volumn 11, Issue 7, 2010, Pages 394-413

  Liang, Huigang ^a   Xue, Yajiong ^a  

^a EAST CAROLINA UNIVERSITY   (United States)

Author keywords

Avoidance; Home setting; Motivation; Safeguarding measure; Security; Severity; Susceptibility; Threat

Indexed keywords

NETWORK SECURITY; PERSONAL COMPUTERS;

AVOIDANCE; AVOIDANCE BEHAVIOUR; COMPUTER USERS; HOME SETTING; SAFEGUARDING MEASURE; SECURITY; SEVERITY; SUSCEPTIBILITY; THREAT; THREAT AVOIDANCE;

MOTIVATION;

EID: 77955121478     PISSN: 15583457     EISSN: 15369323     Source Type: Journal    
DOI: 10.17705/1jais.00232     Document Type: Article

References (75)

1. Agarwal, R., V. Sambamurthy, and R. M. Stair (2000) Research Report: The Evolving Relationship Between General and Specific Computer Self-Efficacy - An Empirical Assessment, Information Systems Research (11) 4, pp. 418-430.
2. Aguinis, H. (1995) Statistical power problems with moderated multiple regression in management research, Journal of Management (21) 6, pp. 1141-1158.
3. Aiken, L. and S. West (1991) Multiple Regression: Testing and Interpreting Interactions. Newbury Park, CA: Sage.
4. Ajzen, I. (1991) The theory of planned behavior, Organizational Behavior & Decision Processes (50), pp. 179-211.
5. Ajzen, I. and M. Fishbein (1980) Understanding attitudes and predicting behavior. Englewood Cliffs, NJ: Prentice Hall.
6. Anderson, C. L. and R. Agarwal (2006) Practicing Safe Computing: Message Framing, Self-View, and Home Computer User Security Behavior Intentions, in International Conference on Information Systems, pp. 1543-1561. Milwaukee, WI.
7. Aytes, K. and C. Terry (2004) Computer security and risky computing practices: A rational choice perspective, Journal of Organizational and End User Computing (16) 3, pp. 22-40.
8. Bagchi, K. and G. Udo (2003) An analysis of the growth of computer and internet security breaches, Communications of the AIS (12), pp. 684-700.
9. Bandura, A. (1977) Self-efficacy: Toward a unifying theory of behavior change, Psychological Review (84). 191-215.
10. Bandura, A. (1982) Self-efficacy mechanism in human agency, American Psychologist 37, pp. 122-147.
11. Baron, R. and D. Kenny (1986) The moderator-mediator variable distinction in social psychological research: conceptual, strategic, and statistical considerations, J Person Soc Psych (51) 6, pp. 1173-1182.
12. Baskerville, R. (1991) Risk analysis as a source of professional knowledge, Computer & Security (10) 8, pp. 749-764.
13. Baskerville, R. (1991) Risk analysis: an interpretive feasibility tool in justifying information systems security, European Journal of Information Systems (1) 2, pp. 121-130.
14. Baskerville, R. (1993) Information systems security design methods: implications for information systems development, ACM Computing Surveys (25) 4, pp. 375-414.
15. Beaudry, A. and A. Pinsonneault (2005) Understanding user responses to information technology: A coping model of user adaptation, MIS Quarterly (29) 3, pp. 493-524.
16. Bobko, P. and C. J. Russell (1994) On theory, statistics, and the search for interactions in the organizational sciences, Journal of Management (20), pp. 193-200.
17. Carte, T. and C. Russell (2003) In Pursuit of Moderation: Nine Common Errors and Their Solutions, MIS Quarterly (27) 3, pp. 479-501.
18. Carver, C. S. and M. F. Scheier (1982) Control theory: A useful conceptual framework for personalitysocial, clinical, and health psychology, Psychological Bulletin (92) 1, pp. 111-135.
19. Champion, V. and C. Scott (1997) Reliability and validity of breast cancer screening belief scales in African American women, Nursing Research (46) 6, pp. 331-337.
20. Chau, P. Y. K. (2001) Influence of computer attitude and self-efficacy on IT usage behavior, Journal of End User Computing (13) 1, pp. 26.
21. Chin, W. W., B. L. Marcolin, and P. R. Newsted (2003) A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic Mail Emotion/Adoption Study, Information Systems Research (14) 2, pp. 189-217.
22. Cohen, J. (1988) Statistical Power Analysis for the Behavioral Sciences, 2nd edition. Hillsdale, NJ: Lawrence Erlbaum.
23. Compeau, D. R. and C. A. Higgins (1995) Computer self-efficacy: development of a measue and initial test, MIS Quarterly (19), pp. 189-211.
24. Compeau, D. R., C. A. Higgins, and S. Huff (1999) Social cognitive theory and individual reactions to computing technology: a longitudinal study, MIS Quarterly (23) 2, pp. 145-158.
25. Consumer Reports. (2009) State of the Net 2009. Consumer Reports National Research Center.
26. CSI. (2009) Computer crime & security survey 2009. Computer Security Institute.
27. D'Arcy, J., A. Hovav, and D. F. Galletta (2009) User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research (20) 1, pp. 79-98.
28. Davis, F. D. (1989) Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology, MIS Quarterly (13) 3, pp. 319-338.
29. Davis, F. D., R. P. Bagozzi, and P. R. Warshaw (1989) User Acceptance of Computer Technology: A Comparison of Two Theoretical Models, Management Science (35) 8, pp. 982-1003.
30. Day, J. C., A. Janus, and J. Davis. (2005) Computer and Internet Use in the United States: 2003. US Census Bureau.
31. Dhillon, G. and J. Backhouse (2000) Information system security management in the new millennium, Communications of the ACM (43) 7, pp. 125-128.
32. Edwards, J. (1992) A cybernetic theory of stress, coping, and well-being in organizations, Academy of Management Review (17) 2, pp. 238-274.
33. Fishbein, M. and I. Ajzen (1975) Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Reading, MA: Addison-Wesley.
34. Fornell, C. and F. L. Bookstein (1982) Two Structural Equation Models: LISREL and PLS Applied to Consumer Exit-Voice Theory, Journal of Marketing Research 19pp. 440-452.
35. Fornell, C. and D. F. Larcker (1981) Evaluating Structural Equation Models with Unobservable Variables and Measurement Error, Journal of Marketing Research (18) 1, pp. 39-50.
36. Freud, S. (1915) Repression, in, vol. XIVComplete psychological works of Sigmund Freud, London: Hogarth.
37. Gefen, D., D. Straub, and M. Boudreau (2000) Structural equation modeling and regression: guidelines for research practice, Communications of the AIS (4) 7.
38. Gordon, L. A., M. P. Loeb, W. Lucyshyn, and R. Richardson. (2006) 2006 CSI/FBI computer crime and security survey. Computer Security Institute.
39. Handy, C. (1995) Trust and the virtual organization, Harvard Business Review (73) 3, pp. 40-50.
40. James, W. (1890) The principles of psychology. Vol. 2. New York: Henry Holt & Co.
41. Janz, N. K. and M. H. Becker (1984) The health belief model: a decade later, Health Education Quarterly (11) 1, pp. 1-45.
42. Jones, S. and S. Fox. (2009) Generations Online in 2009. Pew Internent & American Life Project.
43. Lazarus, R. (1966) Psychological stress and the coping process. New York: McGraw-Hill.
44. Lazarus, R. and S. Folkman (1984) Stress, coping, and adaptation. New York: Springer-Verlag.
45. Liang, H., N. Saraf, Q. Hu, and Y. Xue (2007) Assimilation of enterprise systems: the effect of institutional pressures and the mediating role of top management, MIS Quarterly, 31(1), 59-7.
46. Liang, H. and Y. Xue (2009) Avoidance of information technology threats: A theoretical perspective, MIS Quarterly (33) 1, pp. 71-90.
47. Loch, K. D., H. H. Carr, and M. E. Warkentin (1992) Threats to information systems: Today's reality, yesterday's understanding, MIS Quarterly (16) 2, pp. 173-186.
48. Maddus, J. E. and R. W. Rogers (1983) Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change, Journal of Experimental Social Psychology (19), pp. 469-479.
49. Maslow, A. H. (1943) A Theory of Human Motivation, Psychological Review (50) 4, pp. 370-396.
50. Milne, S., S. Orbell, and P. Sheeran (2002) Combining Motivational and Volitional Interventions to Promote Exercise Participation: Protection Motivation Theory and Implementation Intentions, British Journal of Health Psychology (7), pp. 163-184.
51. Ng, B.-Y., A. Kankanhalli, and Y. C. Xu (2009) Studying users' computer security behavior: A health belief perspective, Decision Support System (46) 4, pp. 815-825.
52. Nunnally, J. (1978) Psychometric theory, 2nd edition. New York: McGraw-Hill.
53. Podsakoff, P. M., S. B. MacKenzie, J. Y. Lee, and N. P. Podsakoff (2003) Common method biases in behavioral research: a critical review of the literature and recommended remedies, Journal of Applied Psychology (88) 5, pp. 879-903.
54. Podsakoff, P. M. and D. W. Organ (1986) Self-reports in organizational research: problems and prospects, Journal of Management (12) 4, pp. 531-544.
55. Ringle, C. M., S. Wende, and A. Will (2005) SmartPLS, 2.0 (beta) edition. Hamburg, Germany.
56. Rippetoe, P. A. and R. W. Rogers (1987) Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat, Journal of Personality and Social Psychology (52) 3, pp. 596-604.
57. Rogers, R. W. (1975) A protection motivation theory of fear appeals and attitude change, Journal of Psychology (91), pp. 93-114.
58. Rogers, R. W. (1983) Cognitive and physiological process in fear appeals and attitude change: a revised theory of protection motivation, in J. Cacioppo and R. Petty (Eds.) Social Psychophysiology: a source book, New York: Guilford Press, pp. 153-176.
59. Rosenstock, I. M. (1974) The health belief model and preventive health behavior, Health Education Monographs 2pp. 354-386.
60. Saleeby, J. R. (2000) Health beliefs about mental illness: an instrument development study, American Journal of Health Behavior (24) 2, pp. 83-95.
61. Schultz, E. (2003) Pandora's box: spyware, adware, autoexecution, and NGSCB, Computer & Security (22) 5, pp. 366-367.
62. Shaw, G. (2003) Spyware & Adware: the Risks facing Businesses, Network Security (2003) 9, pp. 12-14.
63. Sipior, J. C., B. T. Ward, and G. R. Roselli (2005) The ethical and legal concerns of spyware, Information Systems Management (22) 2, pp. 39-49.
64. Smith, H., S. Milberg, and S. Burke (1996) Information privacy: measuring individuals' concerns about organizational practices, MIS Quarterly (20) 2, pp. 167-196.
65. Stafford, T. F. and A. Urbaczewski (2004) Spyware: the ghost in the machine, Communications of the AIS 14, pp. 291-306.
66. Straub, D. and R. Welke (1998) Coping with systems risk: security planning models for management decision making, MIS Quarterly (22) 4, pp. 441-469.
67. Tanner, J. F., J. B. Hunt, and D. R. Eppright (1991) The protection motivation model: a normative model of fear appeals, Journal of Marketing (55), pp. 36-45.
68. Venkatesh, V. (2000) Determinants of Perceived Ease of Use: Integrating Control, Intrinsic Motivation, and Emotion into the Technology Acceptance Model, Information Systems Research (11) 4, pp. 342-365.
69. Venkatesh, V., M. G. Morris, G. B. Davis, and F. D. Davis (2003) User acceptance of information technology: toward a unified view, MIS Quarterly (27) 3, pp. 425-478.
70. Warkentin, M. and A. C. Johnston (2006) IT Security Governance and Centralized Security Controls, in M. Warkentin and R. Vaughn (Eds.) Enterprise Information Assurance and System Security: Managerial and Technical Issues, Hershey, PA: Idea Group Publishing, pp. 16-24.
71. Weinstein, N. D. (1993) Testing four competing theories of health-protective behavior, Health Psychology (12) 4, pp. 324-333.
72. Weinstein, N. D. (2000) Perceived probability, perceived severity, and health-protective behavior, Health Psychology (19) 1, pp. 65-74.
73. Williams, L. J., J. R. Edwards, and R. J. Vandenberg (2003) Recent advances in causal modeling methods for organizational and management research, Journal of Management (29) 6, pp. 903-936.
74. Woon, I., G. W. Tan, and R. Low (2005) A Protection Motivation Theory Approach to Home Wireless Security, in International Conference on Information Systems, pp. 367-380. Las Vegas, NV.
75. Workman, M., W. H. Bommer, and D. Straub (2008) Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test, Computers in Human Behavior (24) 6, pp. 2799-2816.